package org.wildfly.security.credential.source.impl;

import com.lowagie.text.xml.TagMap;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import org.wildfly.common.Assert;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.KeyPairCredential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.PublicKeyCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.credential.X509CertificateChainPublicCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.keystore.PasswordEntry;
import org.wildfly.security.x500.X500;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/credential/source/impl/KeyStoreCredentialSource.class */
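/**
 * A {@link CredentialSource} backed by a single {@link KeyStore.Entry}.
 *
 * <p>The entry is obtained from {@code entryFactory} on every {@link #getCredential} call and is
 * mapped to an Elytron credential according to its concrete entry type.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key-store constructor captures the {@link KeyStore.ProtectionParameter} in a lambda, so
 *       that object (typically holding the entry password) stays reachable for as long as this
 *       source does.</li>
 *   <li>{@link #getCredentialAcquireSupport} is implemented by actually acquiring the credential,
 *       so a support probe loads the private key, secret key or password into memory.</li>
 * </ul>
 */
public final class KeyStoreCredentialSource implements CredentialSource {
    /** Supplies the key store entry on demand; invoked once per {@link #getCredential} call. */
    private final SecurityFactory<KeyStore.Entry> entryFactory;

    /**
     * Creates a credential source that reads one alias from the given key store.
     *
     * @param keyStore the key store to read from (must not be {@code null})
     * @param str the alias of the entry to read (must not be {@code null})
     * @param protectionParameter the protection parameter passed to {@link KeyStore#getEntry};
     *     not null-checked here
     */
    public KeyStoreCredentialSource(KeyStore keyStore, String str, KeyStore.ProtectionParameter protectionParameter) {
        Assert.checkNotNullParam("keyStore", keyStore);
        // The parameter name is spelled out as a literal: the decompiled listing borrowed an
        // equal-valued constant from an unrelated PDF library, which tied this security class to
        // that library's presence on the classpath.
        Assert.checkNotNullParam("alias", str);
        this.entryFactory = () -> keyStore.getEntry(str, protectionParameter);
    }

    /**
     * Creates a credential source that obtains its entry from the given factory.
     *
     * @param securityFactory the factory producing the key store entry (must not be {@code null})
     */
    public KeyStoreCredentialSource(SecurityFactory<KeyStore.Entry> securityFactory) {
        Assert.checkNotNullParam("entryFactory", securityFactory);
        this.entryFactory = securityFactory;
    }

    /**
     * Reports whether a credential of the requested type can be acquired.
     *
     * <p>This delegates to {@link #getCredential}, so the secret material is materialized and then
     * discarded just to answer the question.
     *
     * @return {@link SupportLevel#SUPPORTED} if a credential was obtained, otherwise
     *     {@link SupportLevel#UNSUPPORTED}
     * @throws IOException if the entry cannot be read
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        if (getCredential(cls, str, algorithmParameterSpec) == null) {
            return SupportLevel.UNSUPPORTED;
        }
        return SupportLevel.SUPPORTED;
    }

    /**
     * Loads the key store entry and converts it to the requested credential type.
     *
     * <p>Mapping by entry type:
     * <ul>
     *   <li>{@link KeyStore.PrivateKeyEntry}: certificate chain with private key, public
     *       certificate chain, public key of the first certificate, or key pair;</li>
     *   <li>{@link KeyStore.TrustedCertificateEntry}: public key of an X.509 certificate;</li>
     *   <li>{@link KeyStore.SecretKeyEntry}: secret key;</li>
     *   <li>{@link PasswordEntry}: password.</li>
     * </ul>
     *
     * @param cls the credential type wanted by the caller
     * @param str the algorithm name handed to {@code castAs}
     * @param algorithmParameterSpec the parameter spec handed to {@code castAs}
     * @return the credential, or {@code null} if the entry is absent, of an unhandled type, or
     *     cannot provide the requested credential type
     * @throws IOException if reading the entry raises a {@link GeneralSecurityException}
     *     (presumably wrapped by the message logger; its return type is not visible here)
     */
    @Override
    public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        AlgorithmCredential credential;
        try {
            KeyStore.Entry entry = this.entryFactory.create();
            if (entry == null) {
                return null;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                X509Certificate[] chain = X500.asX509CertificateArray(privateKeyEntry.getCertificateChain());
                X509Certificate leaf = chain[0];
                PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                if (cls.isAssignableFrom(X509CertificateChainPrivateCredential.class)) {
                    credential = new X509CertificateChainPrivateCredential(privateKey, chain);
                } else if (cls.isAssignableFrom(X509CertificateChainPublicCredential.class)) {
                    credential = new X509CertificateChainPublicCredential(chain);
                } else if (cls.isAssignableFrom(PublicKeyCredential.class)) {
                    credential = new PublicKeyCredential(leaf.getPublicKey());
                } else if (cls.isAssignableFrom(KeyPairCredential.class)) {
                    credential = new KeyPairCredential(new KeyPair(leaf.getPublicKey(), privateKey));
                } else {
                    return null;
                }
            } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                if (!cls.isAssignableFrom(PublicKeyCredential.class)) {
                    return null;
                }
                java.security.cert.Certificate trusted = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                // A key store may hold a non-X.509 trusted certificate. Report "no credential"
                // instead of letting a ClassCastException escape to the caller.
                if (!(trusted instanceof X509Certificate)) {
                    return null;
                }
                credential = new PublicKeyCredential(((X509Certificate) trusted).getPublicKey());
            } else if (entry instanceof KeyStore.SecretKeyEntry) {
                if (!cls.isAssignableFrom(SecretKeyCredential.class)) {
                    return null;
                }
                credential = new SecretKeyCredential(((KeyStore.SecretKeyEntry) entry).getSecretKey());
            } else if (entry instanceof PasswordEntry) {
                if (!cls.isAssignableFrom(PasswordCredential.class)) {
                    return null;
                }
                credential = new PasswordCredential(((PasswordEntry) entry).getPassword());
            } else {
                return null;
            }
            return (C) credential.castAs(cls, str, algorithmParameterSpec);
        } catch (GeneralSecurityException e) {
            throw ElytronMessages.log.unableToReadCredential(e);
        }
    }
}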
